Command Injection Vulnerability in Netgear Router Products
CVE-2024-54807

9.8CRITICAL

Key Information:

Vendor
Netgear
Status
Vendor
CVE Published:
31 March 2025

Summary

A command injection vulnerability exists in the UPNP service of the Netgear WNR854T router, particularly in the addmap_exec function. This function improperly processes the NewInternalClient parameter from the AddPortMapping SOAPAction. By sending a specifically crafted SOAPAction request, an attacker can execute arbitrary commands on the router, compromising the device's integrity and potentially the entire network. Mitigating this vulnerability is essential to ensure the security of users’ networks.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.